SUMMARY Cybersecurity researchers at Deep Instinct have uncovered a novel and powerful Distributed Component Object Model (DCOM) based…

The U.S. House of Representatives unanimously approved a bill aimed at enhancing cyber resilience against state-sponsored threats. This... The post US House passes legislation to bolster cyber...

Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild

Researchers from Nozomi Networks Labs analyzed a Phoenix Contact mGuard industrial router, uncovering 12 vulnerabilities during a comprehensive... The post Nozomi detects 12 security flaws in...

US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. [...]

A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks

The multi-cloud data warehousing platform said it will completely phase out single factor authentication with passwords by November 2025

Recent guidance from CISA and the FBI highlights best practices to monitor and harden network infrastructure. The guidance, published in response to high-profile attacks on telecom infrastructure,...

Authored By Sakshi Jaiswal, Anuradha M In Q3 2024, McAfee Labs identified a sharp rise in the Remcos RAT threat.... The post The Stealthy Stalker: Remcos RAT appeared first on McAfee Blog.

Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code...

Author: Guus Beckers Back in 2022 Fox-IT decided to open source its proprietary incident response tooling known as Dissect. Since then it has been adopted by many different companies in their...

Author: Guus Beckers Back in 2022 Fox-IT decided to open source its proprietary incident response tooling known as Dissect. Since then it has been adopted by many different companies in their...

The design of the gun police say they found on the alleged United Healthcare CEO's killer—the FMDA or “Free Men Don’t Ask”—was released by a libertarian group.

Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day...

Adobe, too. The post Microsoft closes 2024 with extensive security update appeared first on CyberScoop.

Datadog researchers identified an intrusion targeting Amazon Simple Email Service (SES) in an AWS environment, where attackers employed advanced persistence techniques. The attack was notable for...

The vulnerability — CVE-2024-50623 — was recently patched by software developer Cleo and affects the company’s LexiCom, VLTransfer and Harmony products. However, researchers at cybersecurity firm...

Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting...

The Patch Tuesday for December of 2024 includes 72 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”

It would go beyond the FCC’s own proposal to regulate telecommunications carriers under federal wiretapping law. The post Wyden legislation would mandate FCC cybersecurity rules for telecoms...

Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that's designed to distribute an updated version of the Antidot banking trojan. "The attackers...

The Black Basta ransomware group is using advanced social engineering tactics and a multi-stage infection process to target organizations.

The U.S. sanctioned a Chinese cybersecurity company and one of its employees for exploiting a zero-day vulnerability in Sophos firewalls to target U.S. organizations. On Tuesday, the U.S. Treasury...

ChatGPT Plus and Pro users now have access to Sora Turbo, intended to be faster and safer than the version shown in February.

The U.S. Federal Energy Regulatory Commission (FERC) has issued a final rule updating its regulations to include, with... The post FERC finalizes Version 4.0 standards for gas pipeline efficiency...

A new NetRise report provides an in-depth analysis of software compositions, vulnerability risks, and non-CVE risks across various... The post NetRise study: Containers fastest-growing, though...

Sichuan Silence Information Technology Company and one of its employees, Guan Tianfeng, were the targets of the sanctions, and the Justice Department indicted Guan for his role in the attacks. The...

A critical security flaw in Dell Power Manager has been discovered that could allow attackers to compromise your systems and execute arbitrary code.

In today’s rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often...

The department’s Office of Foreign Assets Control said Guan Tianfeng used a zero-day exploit to deploy malware on 81,000 firewalls. The post Treasury sanctions Chinese cyber company, employee for...